zookeeper-user mailing list archives

From saurabh jain <sauravma...@gmail.com>
Subject Fwd: [jira] [Updated] (ZOOKEEPER-2428) IbmX509 KeyManager and TrustManager algorithm not supported
Date Sat, 14 May 2016 00:18:27 GMT
Hello everyone,

Two days back I created a Jira for an issue which we are facing in our
application while using ZooKeeper.

Jira no. is 2428: https://issues.apache.org/jira/browse/ZOOKEEPER-2428

But right now, when I try to view this Jira, it says it doesn't
exist.

Is it removed or moved somewhere else?

Please advise.

Thanks,
Saurabh

---------- Forwarded message ----------
From: Timothy Fanelli (JIRA) <jira@apache.org>
Date: Wed, May 11, 2016 at 3:35 PM
Subject: [jira] [Updated] (ZOOKEEPER-2428) IbmX509 KeyManager and TrustManager algorithm not supported
To: sauravmanit@gmail.com



     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Fanelli updated ZOOKEEPER-2428:
---------------------------------------
    Description:
When connecting from a zookeeper client running in IBM WebSphere
Application Server version 8.5.5, with SSL configured in ZooKeeper, the
below mentioned exception is observed.

org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
      at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208)
      at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
      at org.apache.zookeeper.ClientCnxnSocketNetty.connect(ClientCnxnSocketNetty.java:112)
      at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1130)
      at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1158)
Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
      at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:75)
      at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:358)
      at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.getPipeline(ClientCnxnSocketNetty.java:348)
      at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
      ... 4 more
Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
      at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
      at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:73)
      ... 7 more
Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
      at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
      at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
      at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:118)

Reason: IBM WebSphere uses its own JRE and supports only the IbmX509
key manager algorithm, which causes an exception when trying to get a
key manager instance using SunX509, which is not supported.
Currently the KeyManager algorithm name (SunX509) is hardcoded in the class
X509Util.java.

Possible fix: Instead of having the algorithm name hardcoded to SunX509, we can
fall back to the default algorithm supported by the underlying JRE.

Instead of having this -
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

can we have?
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

  was:
When connecting from a zookeeper client running on websphere version 8.5.5
in SSL mode below mentioned exception is observed.

org.jboss.netty.channel.ChannelPipelineException: Failed to initialize a pipeline.
      at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:208)
      at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:182)
      at org.apache.zookeeper.ClientCnxnSocketNetty.connect(ClientCnxnSocketNetty.java:112)
      at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1130)
      at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1158)
Caused by: org.apache.zookeeper.common.X509Exception$SSLContextException: Failed to create KeyManager
      at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:75)
      at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.initSSL(ClientCnxnSocketNetty.java:358)
      at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientPipelineFactory.getPipeline(ClientCnxnSocketNetty.java:348)
      at org.jboss.netty.bootstrap.ClientBootstrap.connect(ClientBootstrap.java:206)
      ... 4 more
Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
      at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
      at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:73)
      ... 7 more
Caused by: java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
      at sun.security.jca.GetInstance.getInstance(GetInstance.java:172)
      at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:9)
      at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:118)

Reason: IBM WebSphere uses its own JRE and supports only the IbmX509
key manager algorithm, which causes an exception when trying to get a
key manager instance using SunX509, which is not supported.
Currently the KeyManager algorithm name (SunX509) is hardcoded in the class
X509Util.java.

Possible fix: Instead of having the algorithm name hardcoded to SunX509, we can
fall back to the default algorithm supported by the underlying JRE.

Instead of having this -
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

can we have?
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());


> IbmX509 KeyManager and TrustManager algorithm not supported
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-2428
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2428
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.5.1
>            Reporter: Saurabh Jain
>            Priority: Minor



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
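
The fallback proposed in the issue above, as an added Java example that is not part of the original message and not ZooKeeper's X509Util code: it lists the KeyManagerFactory and TrustManagerFactory algorithms the running JRE offers, checks whether SunX509 is among them, and builds an SSLContext from the JRE defaults. The class and method names and the empty in-memory key store are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added illustration; class and method names are hypothetical, not ZooKeeper code.
public class DefaultAlgorithmSslContext {

    // True if some installed provider offers this KeyManagerFactory algorithm.
    static boolean keyManagerAlgorithmAvailable(String algorithm) {
        try {
            KeyManagerFactory.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    // Build a context using whatever algorithms the running JRE declares as default.
    static SSLContext createContext(KeyStore keyStore, char[] keyPassword,
                                    KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // What this JRE can actually provide, and what it treats as the default.
        System.out.println("KeyManagerFactory algorithms:   " + Security.getAlgorithms("KeyManagerFactory"));
        System.out.println("TrustManagerFactory algorithms: " + Security.getAlgorithms("TrustManagerFactory"));
        System.out.println("Default key manager algorithm:   " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("Default trust manager algorithm: " + TrustManagerFactory.getDefaultAlgorithm());
        System.out.println("SunX509 available: " + keyManagerAlgorithmAvailable("SunX509"));

        // Constructed sample input: an empty in-memory store stands in for the
        // configured key store and trust store so the example runs offline.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        SSLContext context = createContext(empty, new char[0], empty);
        System.out.println("SSLContext created via provider " + context.getProvider().getName());
    }
}
```

getDefaultAlgorithm() reads the ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm security properties, so with this change the trust manager algorithm becomes a deployment setting to review alongside the key and trust stores.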
